IP Cam Talk

Welcome to the new IPCT! If you are having an issue logging in, please clear your cookies / cache.

Critique my network layout

Cupofschmoe

Young grasshopper
Joined
Apr 13, 2017
Messages
82
Reaction score
17
Attached is a rough idea of how my network is laid out currently
What can I do to make it more efficient and secure?
Network Topology.pngThe modem, wifi router (NetGear R7000), switches (DLink DES1526 and TPLinks), and NASes are located in the far end of the house and I have aTP Link EAP225 access point on the other side of the house for wifi usage and to connect to the garage door opener and front Ring door camera. The switches are daisy chained. I plan to add home automation doodads down the line as well.

I just picked up a Dell Optiplex 5040 with an i5-6500 which will be repurposed as the BI server for $80. Probably the best find I've had in years. I've been currently running blue Iris on my personal computer running an i5-4690K for the past couple of years that I had built.. SSD died along with my storage drive which lead me to look for a dedicated BI computer.

Currently the BI computer is hooked up a different switch from the cameras, but once I get the new computer setup, it will be hooked up to open Gb port on the POE switch with the cameras to remove traffic from the other switch. I can set up a VLAN using this switch but that's over my head at the moment and I cannot see the need for it nor know how to yet.

I have not hardmounted the the POE AP as it's still using the power cord and sitting on the floor. If I connect it to my POE switch, it would limit speeds to 100 Mbps, correct? I plan on getting a POE injector but it's not high on the priority list at the moment.

I could also move the Wifi Router more centrally or should I move the AP more centrally and disable to WIFI on router and let the AP handle the WIFI. Me thinks the AP is plenty more capable of regulating WIFI traffic than the router.
 

pinko

Known around here
Joined
May 26, 2017
Messages
337
Reaction score
523
Location
Australia
First of all I'm * not an expert*.......I looked at a heap of guides for best practices to secure your IoT devices. I found The Hook up's guide for thee Ultimate (smart) Home Network great and easy to follow (the link is part 3 of his guide).
You may want to look at a something like the UniFi Security Gateway. Everyone needs one! :p

It helped that I had identical network hardware (USG + switches) to follow the tutorial, but the basic principals will work across any home network.

I use Home Assistant (Hassio) for home automation and had way too many IoT devices that were not secured on a separate VLAN. (this included the cameras)
The guide keeps things pretty simple. You basically make and configure separate VLAN's for IoT (internet of things) devices and NoT (network of things) devices, keeping the separate from your trusted devices, limiting their activity via VLAN's and firewall rules.

The diagram below shows the topology of my network. Not included in this are other devices connected to switches and the 50+ other devices connected via WiFi across the network.
To help keep my sanity I have static IP's assigned to each and every device that connects to the network and have a separate guest network.
update 2 network August 2019.png
 

Cupofschmoe

Young grasshopper
Joined
Apr 13, 2017
Messages
82
Reaction score
17
First of all I'm * not an expert*.......I looked at a heap of guides for best practices to secure your IoT devices. I found The Hook up's guide for thee Ultimate (smart) Home Network great and easy to follow (the link is part 3 of his guide).
You may want to look at a something like the UniFi Security Gateway. Everyone needs one! :p

It helped that I had identical network hardware (USG + switches) to follow the tutorial, but the basic principals will work across any home network.

I use Home Assistant (Hassio) for home automation and had way too many IoT devices that were not secured on a separate VLAN. (this included the cameras)
The guide keeps things pretty simple. You basically make and configure separate VLAN's for IoT (internet of things) devices and NoT (network of things) devices, keeping the separate from your trusted devices, limiting their activity via VLAN's and firewall rules.

The diagram below shows the topology of my network. Not included in this are other devices connected to switches and the 50+ other devices connected via WiFi across the network.
To help keep my sanity I have static IP's assigned to each and every device that connects to the network and have a separate guest network.
Ughh.. Why didn't I think of roaming capabilities..although not a necessity but it is extremely convenient. I do not think my current AP supports it.
Great info and the Unifi setup looks extremely user friendly.
More reading and research to do. Thanks for the help!
 

ijdod

n3wb
Joined
Aug 27, 2019
Messages
8
Reaction score
8
Location
The Netherlands
The only requiment for roaming is the wifi settings being the same (network name (SSID), key, encryption), so as long as all your APs support a matching configuration. Roaming is handled from the client side, so all the client needs is to see other APs announcing the same network.
 

mikeynags

Pulling my weight
Joined
Mar 14, 2017
Messages
297
Reaction score
175
Location
CT - the tax you to death state
First of all I'm * not an expert*.......I looked at a heap of guides for best practices to secure your IoT devices. I found The Hook up's guide for thee Ultimate (smart) Home Network great and easy to follow (the link is part 3 of his guide).
You may want to look at a something like the UniFi Security Gateway. Everyone needs one! :p

It helped that I had identical network hardware (USG + switches) to follow the tutorial, but the basic principals will work across any home network.

I use Home Assistant (Hassio) for home automation and had way too many IoT devices that were not secured on a separate VLAN. (this included the cameras)
The guide keeps things pretty simple. You basically make and configure separate VLAN's for IoT (internet of things) devices and NoT (network of things) devices, keeping the separate from your trusted devices, limiting their activity via VLAN's and firewall rules.

The diagram below shows the topology of my network. Not included in this are other devices connected to switches and the 50+ other devices connected via WiFi across the network.
To help keep my sanity I have static IP's assigned to each and every device that connects to the network and have a separate guest network.
View attachment 46693
@pinko - what did you create you network diagram with?
 

pinko

Known around here
Joined
May 26, 2017
Messages
337
Reaction score
523
Location
Australia
@mikeynags I use Edraw Max. You can just drag and drop images into the program. simple to use. The connectors (blue lines) gave me hell, until i read the instructions.... :)

There a ton of templates in the program I'm just using a modified template for basic network diagram. PM if you want an exact copy of the one I used.
 
Last edited:
Top